CVE-2011-0199
published 2011-06-24CVE-2011-0199: The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP…
medium5.9CVSS 3.1
AVNACHPRNUINSUCNIHAN
The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | >= 10.6.0 < 10.6.8 | 10.6.8 |
| apple | mac_os_x_server | >= 10.6.0 < 10.6.8 | 10.6.8 |